Hi Pol,

On Mon, Jul 18, 2016 at 02:18:03PM +0200, Pol Hallen wrote:
> I've a network 192.168.2.0/24 connected by routing to 192.168.1.0/24
>
> I'd like to block clients on 192.168.2.0/24 from each other in the same network.
>
> So, client1 can go to 192.168.1.0/24 but can't see other clients in
> 192.168.2.0/24. And so for all clients.
I'm having difficulty visualising what you're asking. Depending on what the IP address of client1 is, it could be a very different question. You say "client1 […] can't see other clients in 192.168.2.0/24", so I will have to assume that client1 is also in 192.168.2.0/24. But then it isn't clear why you mention the other 192.168.1.0/24 network at all.

Anyway, if your problem is that you have multiple hosts in the same layer 3 network (192.168.1.0/24) but you don't want them to talk to each other:

Presumably they are all connected to the same switch(es), which may have layer 3 firewalling capabilities, but these will be of no use since they won't see the layer 3 traffic like a router does.

In an ideal world you'd use VLANs and have the different switch ports in different networks. Note that just putting hosts in different networks won't be enough; it would stop them talking to devices outside their network by default, but they could just add a static route themselves.

Your switch may have layer 2 firewalling capabilities. If your switch is actually a Linux box then it certainly does have layer 2 firewalling; this is provided by a thing called ebtables. After you've put all interfaces of your switch in a software bridge it can be as simple as:

    # ebtables -P FORWARD DROP

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting
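An added worked example, not part of Andy's mail or of any BitFolk code: a policy of DROP on the bridge FORWARD chain on its own also stops the clients reaching the router, so the script below enslaves the ports to a bridge, sets that DROP policy, and then accepts only frames between each client port and the uplink port. Client-to-client frames (unicast and flooded broadcasts such as ARP) fall through to the DROP policy, so hosts on the same /24 cannot see each other even though they share a broadcast domain. The bridge name br0, uplink eth0 and client ports eth1 to eth3 are assumptions; `DRY_RUN=1` prints the commands instead of running them so the ruleset can be reviewed before applying it as root.

```shell
#!/bin/sh
# Added example, not from the original mail.
# Isolate the bridge ports that face clients on 192.168.2.0/24 while still
# letting each client talk to the router (and so to 192.168.1.0/24) via the
# uplink port. Interface names below are assumptions for illustration.

BRIDGE=${BRIDGE:-br0}                 # software bridge acting as the switch
UPLINK=${UPLINK:-eth0}                # port towards the router
CLIENT_PORTS=${CLIENT_PORTS:-"eth1 eth2 eth3"}   # ports with one client each

# Run a command, or print it when DRY_RUN=1 so the ruleset can be reviewed.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Create the bridge and enslave the uplink plus every client port to it.
build_bridge() {
    run ip link add name "$BRIDGE" type bridge
    for p in $UPLINK $CLIENT_PORTS; do
        run ip link set "$p" master "$BRIDGE"
        run ip link set "$p" up
    done
    run ip link set "$BRIDGE" up
}

# Layer 2 isolation: nothing is forwarded between ports unless explicitly
# allowed, and the only allowed pairs are client <-> uplink.
isolate_clients() {
    run ebtables -F FORWARD
    run ebtables -P FORWARD DROP
    for p in $CLIENT_PORTS; do
        run ebtables -A FORWARD -i "$p" -o "$UPLINK" -j ACCEPT
        run ebtables -A FORWARD -i "$UPLINK" -o "$p" -j ACCEPT
    done
    # Client <-> client frames hit the DROP policy: no rule matches
    # -i <client> -o <client>.
}

# Usage: ./isolate.sh dry-run   (print commands)
#        ./isolate.sh apply     (as root, actually configure the box)
case "${1:-}" in
    dry-run) DRY_RUN=1; build_bridge; isolate_clients ;;
    apply)   build_bridge; isolate_clients ;;
esac
```

The rules are evaluated per outgoing port, so a broadcast ARP request from a client is delivered to the uplink but dropped towards the other client ports; the router's unicast reply comes back over the uplink and is accepted. On recent kernels the same effect for client ports can also be had without ebtables via `bridge link set dev eth1 isolated on`, but the ebtables form makes the allowed pairs explicit and is easy to audit with `ebtables -L`.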